ai-threat-testing
Fail
Audited by Snyk on Feb 16, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt explicitly directs agents to perform token/session extraction and to capture "full response bodies," "network logs," and "captured outputs" as proof-of-concept evidence. That evidence necessarily contains the extracted secrets (API keys, bearer tokens, session cookies), so the agent must handle them and will likely write them verbatim into its output and report.
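The W007 finding is that the evidence-capture step will carry raw secrets into the agent's output. The following is an added example, not part of the audited skill or of Snyk's tooling, of the scrubbing gate a tester would put between capture and report: JSON bodies are walked by key name, free-text captures (headers, network logs) are pattern-matched, and every secret is replaced by a short SHA-256 fingerprint so a reviewer can still see that the same token showed up in two artifacts without the report containing it. The sample response body, network log, key-name list and regexes are constructed assumptions for illustration.

```python
"""Scrub credentials from captured PoC evidence (response bodies, headers,
network logs) before it is written to a report. Added example, not part of
the audited skill; the patterns and sample data below are assumptions."""
import hashlib
import json
import re

# Constructed sample evidence; the token values are made up for illustration.
SAMPLE_JWT = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhbGljZSJ9.Q2FwdHVyZWRTaWduYXR1cmU"
SAMPLE_API_KEY = "sk-live-0123456789abcdefghij"
SAMPLE_RESPONSE_BODY = json.dumps({
    "user": "alice",
    "access_token": SAMPLE_JWT,
    "refresh_token": "rt_1234567890abcdef",
    "profile": {"api_key": SAMPLE_API_KEY},
})
SAMPLE_NETWORK_LOG = (
    "GET /v1/me HTTP/1.1\n"
    f"Authorization: Bearer {SAMPLE_JWT}\n"
    "Cookie: session=s%3Aabc123.def456; theme=dark\n"
    f"X-Api-Key: {SAMPLE_API_KEY}\n"
)

# Key names whose values are always treated as secrets in structured (JSON) bodies.
SENSITIVE_KEY = re.compile(
    r"(?i)(token|secret|password|passwd|api[_-]?key|authorization|cookie|session|private[_-]?key)"
)

# Secrets embedded in free text. Group 1 is the label to keep, group 2 the value to scrub.
TEXT_PATTERNS = [
    re.compile(r"(?i)(authorization:\s*(?:bearer|basic|token)\s+)(\S+)"),
    # The whole Cookie/Set-Cookie value is scrubbed: session ids hide among benign pairs.
    re.compile(r"(?i)((?:set-)?cookie:\s*)([^\r\n]+)"),
    re.compile(r"(?i)((?:x-)?api[-_]?key:\s*)(\S+)"),
    re.compile(r"(?i)\b((?:access_|refresh_|id_)?(?:token|api[_-]?key|secret|password)\s*[=:]\s*[\"']?)([^\s\"',;&]+)"),
    # Bare JWT anywhere (three base64url segments); there is no label to keep.
    re.compile(r"()(\beyJ[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,})"),
]

REDACTED_PREFIX = "[REDACTED:"


def fingerprint(secret: str) -> str:
    """Non-reversible handle: reviewers can correlate one secret across artifacts without seeing it."""
    return REDACTED_PREFIX + hashlib.sha256(secret.encode()).hexdigest()[:8] + "]"


def redact_text(text: str) -> str:
    """Scrub secrets from unstructured captures (headers, logs, HTML). Idempotent."""
    def repl(m):
        label, value = m.group(1), m.group(2)
        if value.startswith(REDACTED_PREFIX):  # already scrubbed by an earlier pattern
            return m.group(0)
        return label + fingerprint(value)
    for pattern in TEXT_PATTERNS:
        text = pattern.sub(repl, text)
    return text


def redact_json(obj):
    """Walk a parsed body: scrub values under sensitive keys, pattern-scan every other string."""
    if isinstance(obj, dict):
        return {
            k: fingerprint(v) if SENSITIVE_KEY.search(k) and isinstance(v, str) else redact_json(v)
            for k, v in obj.items()
        }
    if isinstance(obj, list):
        return [redact_json(v) for v in obj]
    if isinstance(obj, str):
        return redact_text(obj)
    return obj


def redact_evidence(captured: str) -> str:
    """Entry point for any captured artifact: JSON is walked by key, everything else by pattern."""
    try:
        parsed = json.loads(captured)
    except json.JSONDecodeError:
        return redact_text(captured)
    if isinstance(parsed, (dict, list)):
        return json.dumps(redact_json(parsed), indent=2)
    return redact_text(captured)


def leaks(redacted: str, raw_secrets) -> list:
    """Final gate before a report is written: any raw secret still present is a failure."""
    return [s for s in raw_secrets if s in redacted]


if __name__ == "__main__":
    for artifact in (SAMPLE_RESPONSE_BODY, SAMPLE_NETWORK_LOG):
        scrubbed = redact_evidence(artifact)
        print(scrubbed)
        print("leaks:", leaks(scrubbed, [SAMPLE_JWT, SAMPLE_API_KEY]))
```

The fingerprint is deliberately short and salted by nothing: it is a correlation handle, not a proof of the secret, and a reviewer who needs the live value must go back to the tester's access-controlled capture store rather than the report. The `leaks` check is the assertion to run in CI on every generated report, with the raw secrets read from the secured capture rather than hard-coded as they are in this sample.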
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). The skill content is high-risk and potentially malicious because it contains explicit, actionable techniques and payloads for data exfiltration, credential/token extraction, privilege escalation, remote execution/backdoor-style exploits, supply-chain manipulation, logging/forensic evasion, and obfuscation methods that can be used to compromise systems or steal sensitive data.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts arbitrary LLM application URLs and RAG/vector databases as targets and includes tests for "Indirect injection via RAG/documents" and "Vector DB Poisoning" (Agent 8), so it will ingest and interpret untrusted, user-provided third-party documents as part of its workflow.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly directs agents to perform privilege escalation and state-modification exploits (including log deletion/forensic evidence destruction and lateral movement), which entail modifying system state and would likely require sudo or other high-privilege actions.
Audit Metadata